A report released Thursday by the industrial cyber security company Dragos reveals that the industrial sector has been attacked by five threat groups known to target industrial environments.
According to Dragos, the manufacturing industry is at increased risk of cyber attacks, including attacks aimed at disrupting the production process and attacks aimed at gathering valuable information. However, the company says it has not observed any serious or complex incidents involving ICS-specific malware targeting manufacturing operations.
The ICS-focused groups that Dragos has identified as targeting the industry are CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE and XENOTIME.
MAGNALLIUM is a group associated with Iran that has been active since at least 2013. Its known targets were companies in Europe, North America, South Korea and Saudi Arabia. MAGNALLIUM is not known to have ICS-specific capabilities, but Dragos warns that malicious code used by hackers in IT environments can also be used in management networks. PARISITE is a separate group that helps MAGNALLIUM gain initial access to target systems.
WASSONITE is a North Korea-affiliated group that has targeted organisations in India, South Korea and Japan. It has been active since at least 2018, but does not appear to have the capacity to disrupt or destroy industrial environments.
CHRYSENE, a group associated with Iran, is known to focus on industrial networks in the Middle East and the United Kingdom. It has been linked to OilRig and Greenbug, which were allegedly involved in the infamous Shamoon attacks. CHRYSENE focused on network penetration and MCT-specific results.
On the other hand, XENOTIME is the only known group focused on the manufacturing industry that is actually capable of launching devastating attacks against ICS, as evidenced by the 2017 Trisis/Triton malware attack. The malware was linked to a Russian research institute.
When threat actors want to focus on ICS in production organisations, they have many weaknesses that they can exploit to achieve their goals. According to Dragos, there are more than 260 vulnerabilities affecting devices commonly used in manufacturing environments, many of which can compromise security.
Dragos also reported an increase in ransomware attacks on ICS, and the company believes that ransomware is the most common threat to manufacturing. There are several ransomware families that can be tailored to OT software processes.
Industrial espionage and intellectual property theft are other serious threats to the manufacturing industry, said Dragos.
Intellectual property and theft of trade secrets related to automation processes and functions can enable industrial organisations and interested states and governments to accelerate the development of critical infrastructure, including manufacturing. It can also support state-sponsored espionage activities in the interest of political or national security, the company said.
The full Dragos report, which also includes recommendations for production sites, can be downloaded in PDF format.
@EduardKovacs – Publisher of SecurityWeek. He worked for two years as a high school computer science teacher before starting a career in journalism as a security reporter for Softpedia. Eduard has a bachelor’s degree in industrial computer sciences and a master’s degree in computer engineering for electrical engineering.